Description
Security update for cobbler
This update for cobbler fixes the following issues:
Security issue fixed:
- CVE-2018-10931: Forbid exposure of private methods in the API (bsc#1104287, bsc#1104189)
Package list
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
koan-2.2.2-0.68.6.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
koan-2.2.2-0.68.6.1
References
- Link for SUSE-SU-2018:2550-1
- E-Mail link for SUSE-SU-2018:2550-1
- SUSE Security Ratings
- SUSE Bug 1104189
- SUSE Bug 1104287
- SUSE CVE CVE-2018-10931 page
Description
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
Affected products
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.6.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:koan-2.2.2-0.68.6.1
References
- CVE-2018-10931
- SUSE Bug 1104189
- SUSE Bug 1104190
- SUSE Bug 1104287
- SUSE Bug 1105440
- SUSE Bug 1105442
- SUSE Bug 1130105